REMARKS 

Claims 10-16 and 18 have been canceled. Claims 1 and 17 have been amended to clarify 
the subject matter regarded as the invention. Claims 1-9 and 17 are pending. 

The drawings have been amended in a manner believed to overcome the objection to 
Figure 3A. 

Claim 17 has been amended in a manner believed to overcome the rejection of claim 17 
under 35 USC 101. The cancellation of claim 18 renders moot the rejection of claim 18 under 35 
USC 101. 

The Examiner has rejected claims 1-9 and 17 under 35 USC 102(e) as being anticipated 
by Carter. 

The rejection is respectfully traversed. With respect to claims 1 and 17, Carter describes 
a Network Security and Surveillance System that uses artificial intelligence to detect and analyze 
attacks on servers in a protected network. Carter [0180]. Carter describes countermeasures, 
such as deactivating a port from which a prohibited signal is entering, Carter [0222]; but Carter 
appears to contemplate such actions being taken and orchestrated at the network level, e.g., 
switches associated with NSSS 18 of Carter's Figure 1, such as by closing switch ports, not at 
the protected hosts themselves, i.e., protected servers 114. As such, the "countermeasures" 
described by Carter are not "host-based" security measures, as recited in claims 1 and 17. In 
addition, as amended, claims 1 and 17 describe the host-based security measure being deployed 
with respect to each of a plurality of host services "in a manner determined at least in part by the 
corresponding risk profile of that host service." Support for the amendments to claims 1 and 17 
is found, without limitation, in the application at page 10, lines 14-20 and page 14, lines 3-7. As 
described in the present application, applying host-based security measures only with respect to 
those services that require protection (e.g., those that do or may communicate, either directly or 
indirectly, with remote hosts and/or applications at a given time), and with respect to each in a 
manner (e.g., to a degree) indicated by its corresponding risk profile, conserves host resources 
(e.g., CPU cycles) and minimizes interference with other host activities. Deploying a 
countermeasure in response to a specific, detected threat or attack, as taught by Carter, is not the 
same as selectively and/or differentially deploying a host-based security measure on a per-service 
basis, based on the respective risk profiles of the various host services, as recited in 
claims 1 and 17. As such, claims 1 and 17 are believed to be allowable. 

Claims 2-9 depend from claim 1 and are believed to be allowable for the same reasons 
described above. 

The foregoing amendments are not to be taken as an admission of unpatentability of any 
of the claims prior to the amendments. 

Reconsideration of the application and allowance of all claims are respectfully requested 
based on the preceding remarks. If at any time the Examiner believes that an interview would be 
helpful, please contact the undersigned. 

Respectfully submitted, 

Dated: [illegible] 

William J. James 
Registration No. 40,661 
V 408-973-2592 
F 408-973-2595 



VAN PELT, YI & JAMES LLP 
10050 N. Foothill Blvd., Suite 200 
Cupertino, CA 95014 